Updated OpenStack Identity packages that resolve various issues are nowavailable for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)for RHEL 7.
Red Hat Enterprise Linux OpenStack Platform provides the facilities forbuilding a private or public infrastructure-as-a-service (IaaS) cloudrunning on commonly available physical hardware.
This advisory includespackages for:* OpenStack Identity serviceThe OpenStack Identity service (keystone) authenticates and authorizesOpenStack users by keeping track of users and their permitted activities.The Identity service supports multiple forms of authentication includinguser name and password credentials, token-based systems, and AWS-stylelogins.This update addresses the following issue:* Previously, calculations of AWS Signature Version 4 would not be properlyformatted for POST as there was a logic mismatch between boto andkeystoneclient.
This was because keystoneclient had its own EC2 v4 signatureimplementation.
Consequently, EC2 v4 signature calculations would fail.With this update, CanonicalQueryString is set to an empty string when usingPOST and calculating AWS Signature Version 4 (this follows the implementationused by the AWS and boto clients).As a result, EC2 Signature Validation now succeeds. (BZ#1142090)
Before applying this update, ensure all previously released errata relevantto your system have been applied.Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat EnterpriseLinux 7.3.The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes contain thefollowing:* An explanation of the way in which the provided components interact toform a working cloud computing environment.* Technology Previews, Recommended Practices, and Known Issues.* The channels required for Red Hat Enterprise Linux OpenStack Platform 5,including which channels need to be enabled and disabled.The Release Notes are available at:https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.htmlThis update is available through the Red Hat Network.
Details on how to usethe Red Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258
1142090 – Heat cfn-push-stats failed with ‘403 SignatureDoesNotMatch’
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: